I'm guessing they mean AV software for removal of windows viruses on thumb-drives? AV software for linux is 100% unnecessary AFAIK. Maybe a sysadmin could chime in?
AV software is effectively a really complicated blacklist-based form of access control, which is a terrible way to do security in the first place.
There's no reason for antivirus software of this kind of exist on desktop Linux, because the whole operating system is free software, so if we want to fix some vulnerability that malware exploits, we can just do it (for example, by sandboxing applications), rather than implementing kludgy workarounds that turn users' machines into battlegrounds.
From what I hear, Wayland should help a lot with this, since it's much simpler and provides better isolation than X11.
No. My knowledge might be a bit dated, but as far as I know, there is nothing good. But you also don't need realtime Antivirus software for Linux, there still are no real active viruses for Linux.
The scanner for detecting windows-virus while using Linux were said to be ok (ClamAV, I think).
There are active worms for insecure software that runs on Linux (and weak SSH passwords), so that'd be detectable.
Something more like an IDS that detects known-insecure software and configurations is probably more useful than a pattern-matching evil bytes detector though.
Protecting the OS does protect you: stealing my data/cookies today is different than installing OS level backdoor / keylogger and stealing my bank password, tax prep, etc next month/year/etc.
If they've stolen your cookies, they can already login as you. The keylogger is already going to run in user space, as you.
You don't need to compromise root/a privileged user in order to get the keys to the kingdom. Once I've compromised whatever user your browser environment runs as, mission accomplished.
its really not a big deal to type sudo when installing stuff.
Also if you have any hope of dealing with servers in the wider world, you want to shake that habit pronto (and learn ssh keys).
Also your ironically complaining you can't disable your anti-virus software, but the fact is you have a sloppy approach to security that your IT department is protecting everyone in the company from.
Because then any malware that gets installed by you (or a program you run, like, say, your browser) has root privileges. If you were not logged in as root, anything running as you would not have root privileges and therefore would have much less power to ruin your computer.
It's not a controversial statement. It's security 101. Hell, even Windows Vista implemented the same strategy once Microsoft realized logging in with admin rights was a bad idea.
I'm logged in as root to a headless server that doesn't even run a GUI. I pretty much only install software from the Ubuntu repository. The server is only used by me.
I use windows defender because it comes with windows 8 and it's enabled by default (if that counts). I don't remember the last time I was infected by malware though.
On Windows machine it's pretty much impossible not to. Try installing Windows XP on a virtual box without any firewall setup, and within a day(or even hour) you will get infected. Windows Defender is fairly reliable as far as I've heard, but I'd be happier knowing that someone more qualified who specifically does that for a living is looking over.
Also, when you have non-tech-savvy families you generally want to just get a cover-multiple-pc-at-a-license deals, just because it saves you a lot of hassles.
Even if you're tech savvy it's still fairly easy to get infected by a trojan on a hijacked site. I use ff/chrome and avast! on Windows, which seems to be sufficient protection.
I'm a Mac guy, but come on. Windows XP is 12 years old. That's hardly a fair test. I haven't seen reports of Windows 7/8 machines getting rapidly infected like XP did.
I think you can be assured that the Windows Defender team does antivirus stuff for a living, just as much as AV vendors do.
Yes, but the expected time of survival of a newly-installed WinXP machine was extraordinarily short eight or so years ago - not really long enough to enable one to connect to Windows Update and get the thing protected.
On an un-patched, un-updated Windows XP machine, maybe. From Vista onward, the built-in software firewall and UAC make a default install relatively safe. I never ran any real-time virus protection on Vista and 7 (though I did run a few manual scans just to be sure, which were all clean) on a variety of machines and never had any issues.
What, like the original release of XP from 2001? I'm trying to find a worm that uses a vulnerability that works on an out of the box, unpatched XP SP3 and the closest I can find is Conflicker and related MS08-067 worms, but even that requires turning off the on-by-default firewall or enabling non-default sharing settings.
My existing Windows machines run ESET but I'm considering not for my new Win8 machine.
I love ESET and have found it finds and stops viruses missed by others. However I found that the built in AV with Win8 was finding things that ESET missed.
This leads me to believe that the stock AV is sufficient, and running an additional malware scanner periodically will give me the best results.
Being part of AV beta programs is a great way to have reliable AV without the need of purchasing licenses every year. I'am myself part of F-Secure beta programme, which I use to protect my Windows. Despite of few crashes with their banking protection, I feel safe to say that beta programs are as protective as any stable builds.
When I'm in Windows I'm only playing games or casually browsing the web so attacks aren't a concern and if I do get infected I'll just wipe it and let Steam re-sync things. On my Mac I've got Time Machine just in case things get weird but, while I know OS X isn't virus-proof, I'm really not worried about catching something.
If you don't download warez you don't need an antivirus. Just follow good old fashioned policies, like not opening executable attachments in emails, don't install codecs from companies you don't know etc., and install a firewall to monitor outgoing traffic.
I have a Windows 7 desktop and occasionally I might run a scan from an antimalware software. That's as far as I'm willing to go, I don't install special av software because they consume a lot of resources especially with real time analysis.
EDIT: Furthermore, if you’re a tad paranoid you can enable AppLocker in Windows to eliminate any chance of an unwanted program wreaking havoc on your machine. Anything that’s not signed by a company you approve doesn’t run.
I'm going to say that's not true, because that opens you up to being exploited through methods you trust. You might not think a PDF can hurt you, but without AV you don't even stand a chance.
That might have been true a few years ago but it just isnt these days. Malware is being injected into ad networks on a semi-regular basis (I see Adblock as a defensive mechanism morese than something to get rid of ads). Sites also get hacked and can infect you that way.
Its like saying people only care about NSA spying because they have something to hide -- its faulty logic.
Trying to give out this type of help is counter productive, visiting a website could get you infected. Antiviruses won't tell you when you have been infected with a zero-day but they will help you out later. It's best to have or to run files in a sandbox before you use them on a production system.
> If you don't download warez you don't need an antivirus.
That works most of the time, but it's not the only attack vector around: browser exploits (e.g. via ads), malevolous attachments sent by known contacts, direct attacks over networks and so on.
In any case, it only takes once if you lower your guard; I'd run at least a lightweight one if I were you.
I use Gentoo Linux and do not have any antivirus software. There doesn't really seem to be any for Linux systems.
If someone knows of one please recommend it so I can take a look.
Then again, there's fairly few viruses targeted at Linux systems and I'm sure even fewer I'd be likely to get on my Gentoo system.
The only one I've heard of is http://www.clamav.net/lang/en/ I installed it once on a mailserver due to the guide I was using recommending it but I do not use it on any systems I use day-to-day.
even fewer I'd be likely to get on my Gentoo system
I think you've just pointed out exactly why even though Linux viruses exist, they don't get a foothold (go "epidemic"). There's huge software diversity. I run Arch, you run Gentoo, others run Debian... The same goes for any given piece of software that's regularly infected in the Windows culture: email clients, web servers, web browsers.
So, why was the Dan Geer "against monoculture" thing suppressed so enthusiastically a few years ago?
98 comments
[ 2.8 ms ] story [ 168 ms ] threadThere's no reason for antivirus software of this kind of exist on desktop Linux, because the whole operating system is free software, so if we want to fix some vulnerability that malware exploits, we can just do it (for example, by sandboxing applications), rather than implementing kludgy workarounds that turn users' machines into battlegrounds.
From what I hear, Wayland should help a lot with this, since it's much simpler and provides better isolation than X11.
The scanner for detecting windows-virus while using Linux were said to be ok (ClamAV, I think).
Something more like an IDS that detects known-insecure software and configurations is probably more useful than a pattern-matching evil bytes detector though.
At home I use Linux and do not use antivirus software.
I also always log in as root. I like to live dangerously. :)
Man... I cannot even begin to express how bad this is.
Especially if there are drive-by attacks.
You don't need to compromise root/a privileged user in order to get the keys to the kingdom. Once I've compromised whatever user your browser environment runs as, mission accomplished.
Also if you have any hope of dealing with servers in the wider world, you want to shake that habit pronto (and learn ssh keys).
Also your ironically complaining you can't disable your anti-virus software, but the fact is you have a sloppy approach to security that your IT department is protecting everyone in the company from.
(I wonder what about my post makes you think you should talk down to me and make (incorrect) assumptions about my approach to security?)
Noob mistake. Never log in as root. Isn't sudo enough for you?
It's not a controversial statement. It's security 101. Hell, even Windows Vista implemented the same strategy once Microsoft realized logging in with admin rights was a bad idea.
I think it's okay if I log in as root if I want.
http://www.cso.com.au/article/441070/google_security_researc...
Also, when you have non-tech-savvy families you generally want to just get a cover-multiple-pc-at-a-license deals, just because it saves you a lot of hassles.
I think you can be assured that the Windows Defender team does antivirus stuff for a living, just as much as AV vendors do.
I love ESET and have found it finds and stops viruses missed by others. However I found that the built in AV with Win8 was finding things that ESET missed.
This leads me to believe that the stock AV is sufficient, and running an additional malware scanner periodically will give me the best results.
I was using Avast for years before that but then they started showing ads and other BS so I decided to let it go.
When I'm in Windows I'm only playing games or casually browsing the web so attacks aren't a concern and if I do get infected I'll just wipe it and let Steam re-sync things. On my Mac I've got Time Machine just in case things get weird but, while I know OS X isn't virus-proof, I'm really not worried about catching something.
I have a Windows 7 desktop and occasionally I might run a scan from an antimalware software. That's as far as I'm willing to go, I don't install special av software because they consume a lot of resources especially with real time analysis.
EDIT: Furthermore, if you’re a tad paranoid you can enable AppLocker in Windows to eliminate any chance of an unwanted program wreaking havoc on your machine. Anything that’s not signed by a company you approve doesn’t run.
Its like saying people only care about NSA spying because they have something to hide -- its faulty logic.
this is just plain false with all the other attacks out there today.
There are many methods of malware delivery which are easily accidentally triggered, even if you're following the basic rules
Drive-by downloads, clickjacking, having java installed, etc can get you infected even if you're a savvy user
That works most of the time, but it's not the only attack vector around: browser exploits (e.g. via ads), malevolous attachments sent by known contacts, direct attacks over networks and so on.
In any case, it only takes once if you lower your guard; I'd run at least a lightweight one if I were you.
Then again, there's fairly few viruses targeted at Linux systems and I'm sure even fewer I'd be likely to get on my Gentoo system.
I think you've just pointed out exactly why even though Linux viruses exist, they don't get a foothold (go "epidemic"). There's huge software diversity. I run Arch, you run Gentoo, others run Debian... The same goes for any given piece of software that's regularly infected in the Windows culture: email clients, web servers, web browsers.
So, why was the Dan Geer "against monoculture" thing suppressed so enthusiastically a few years ago?
As far as I understand, most of AV detection is still based around hash matching. Someone should correct me if I am wrong, though.
It's a surprizingly hard to answer that. The set of virus change every day, and is always unknown.
> most of AV detection is still based around hash matching.
Things are not that clear cut here either. The most usefull matching is hash based. Anti-virus also use other algos, they are just less reliable.